Hackers prey on Ford searches to boost rankings

Attackers use search-engine optimisation (SEO) to get their malicious sites to the top of results on Google and other search engines. On Monday night, researchers at PandaLabs started tracking this threat, which is ongoing, Sean-Paul Correll, threat researcher and security evangelist for Panda Security, told SCMagazineUS.com.

When searching for terms related to the automaker, including Ford car parts, model numbers, and reviews, the malicious sites appear at the top of Google search results, Correll said. If users visit one of the malicious sites, they are prompted to download and install a malicious codec, which then installs rogue security software called “MS AntiSpyware 2009, Correll said.

PandaLabs has posted a partial list of poisoned search terms on its blog. Among the long list of poisoned terms are "1950s Ford Thunderbirds," "2009 Ford" and "Ford parts catalog."

Correll said most users would run the download that shows up after they click on the link because they assume it is a video related to what they are searching for. But when doing so, a user's computer is silently being infected with rogue AV software, along with several other types of malware that PandaLabs has not yet studied, he said.

Once infected, a user is bombarded with pop-up advertisements, which are part of a pay-per-click affiliate-advertising scheme, Correll said. In addition, the user is prompted to purchase a “lifetime license” to the rogue AV for US$79.95.

“They are trying to get credit card and personal information from the user,” Correll said. “The US$80 payment is nice, but if they could extract more, they will.”

Correll said that with nearly 1.2 million malicious links, the crooks likely are using an automated system and could be leveraging a botnet to poison search results.

He added that Ford was likely targeted because there are a lot of probable search terms to take advantage of, since there are many different Ford model and parts.

“They are trying to maximise their profitability, and by targeting people who buy classic Fords, that's an affluent crowd that the cybercriminals are likely to extract money from,” Correll said.

Correll said that rogue AV has become an “epidemic.” Microsoft last week named these so-called scareware programs the top threat facing internet users.

By using SEO to spread rogue anti-virus software, cybercriminal gangs are netting as much as US$10,800 a day, according to a report released last month by security firm Finjan.

“You always have to educate users on these types of attacks,” Correll said. “Even though it seems it's the most common thing on the internet, people are still becoming infected, and the cybercriminals are still making millions of dollars.”

See original article on scmagazineus.com